runbook
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The 'Discovery' phase in the loop prompt template (references/loop-prompt.md) creates an indirect prompt injection surface by instructing agents to audit and act upon codebase files. 1. Ingestion points: Codebase files within the user-defined scope. 2. Boundary markers: Absent from the template. 3. Capability inventory: Spawning subagents, writing to TASKS.md/LEARNINGS.md, and committing code changes. 4. Sanitization: No sanitization of ingested file content is performed.
- [COMMAND_EXECUTION]: The loop prompt template authorizes subagents to autonomously implement tasks, verify changes, and perform git commits, which is the primary intended behavior of the autonomous workflow.
- [SAFE]: The skill utilizes the 'CronCreate' tool for persistence (recurring execution), which is presented as a transparent deployment option for the user to schedule loops.
- [EXTERNAL_DOWNLOADS]: The skill's installation reference points to the author's own official GitHub repository, which is considered a trusted source for this functionality.
Audit Metadata